Change legacy security group rule check
A neutron change, https://review.opendev.org/#/c/453346/
is standardizing the protocol name for IPv6 ICMP in security
group rules to be 'ipv6-icmp', even if 'icmp' or 'icmpv6'
was passed during creation. Change the API test to check
against a list of possible values so it covers both old and
new behaviors.
Change-Id: I0ca8d743ca56f7d67ef8c1ae45ca518bd6e6dc35
Partial-Bug: #1582500
diff --git a/neutron_tempest_plugin/api/base_security_groups.py b/neutron_tempest_plugin/api/base_security_groups.py
index ca2c17a..952de95 100644
--- a/neutron_tempest_plugin/api/base_security_groups.py
+++ b/neutron_tempest_plugin/api/base_security_groups.py
@@ -47,8 +47,6 @@
for k, v in constants.IP_PROTOCOL_MAP.items()
if k in V4_PROTOCOL_NAMES}
-V6_PROTOCOL_LEGACY = {constants.PROTO_NAME_IPV6_ICMP_LEGACY}
-
V6_PROTOCOL_NAMES = {
'ipv6-encap',
'ipv6-frag',
@@ -60,4 +58,4 @@
V6_PROTOCOL_INTS = {v
for k, v in constants.IP_PROTOCOL_MAP.items()
- if k in (V6_PROTOCOL_NAMES | V6_PROTOCOL_LEGACY)}
+ if k in V6_PROTOCOL_NAMES}
diff --git a/neutron_tempest_plugin/api/test_security_groups.py b/neutron_tempest_plugin/api/test_security_groups.py
index d44ba50..6de2c22 100644
--- a/neutron_tempest_plugin/api/test_security_groups.py
+++ b/neutron_tempest_plugin/api/test_security_groups.py
@@ -109,12 +109,42 @@
_ip_version = constants.IP_VERSION_6
protocol_names = base_security_groups.V6_PROTOCOL_NAMES
protocol_ints = base_security_groups.V6_PROTOCOL_INTS
- protocol_legacy_names = base_security_groups.V6_PROTOCOL_LEGACY
@decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa')
- def test_security_group_rule_protocol_legacy_names(self):
- self._test_security_group_rule_protocols(
- protocols=self.protocol_legacy_names)
+ def test_security_group_rule_protocol_legacy_icmpv6(self):
+ # These legacy protocols can be used to create security groups,
+ # but they could be shown either with their passed protocol name,
+ # or a canonical-ized version, depending on the neutron version.
+ # So we check against a list of possible values.
+ # TODO(haleyb): Remove once these legacy names are deprecated
+ protocols = {constants.PROTO_NAME_IPV6_ICMP_LEGACY:
+ constants.PROTO_NAME_IPV6_ICMP,
+ constants.PROTO_NAME_ICMP:
+ constants.PROTO_NAME_IPV6_ICMP}
+ for key, value in protocols.items():
+ self._test_security_group_rule_legacy(
+ protocol_list=[str(key), str(value)],
+ protocol=str(key),
+ direction=constants.INGRESS_DIRECTION,
+ ethertype=self.ethertype)
+
+ def _test_security_group_rule_legacy(self, protocol_list, **kwargs):
+ security_group = self.create_security_group()
+ security_group_rule = self.create_security_group_rule(
+ security_group=security_group, **kwargs)
+ observed_security_group_rule = self.client.show_security_group_rule(
+ security_group_rule['id'])['security_group_rule']
+ for key, value in kwargs.items():
+ if key == 'protocol':
+ self.assertIn(security_group_rule[key], protocol_list,
+ "{!r} does not match.".format(key))
+ self.assertIn(observed_security_group_rule[key], protocol_list,
+ "{!r} does not match.".format(key))
+ else:
+ self.assertEqual(value, security_group_rule[key],
+ "{!r} does not match.".format(key))
+ self.assertEqual(value, observed_security_group_rule[key],
+ "{!r} does not match.".format(key))
class RbacSharedSecurityGroupTest(base.BaseAdminNetworkTest):
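Review bot: In `_test_security_group_rule_legacy`, the `protocol` branch checks the create response and the show response against `protocol_list` separately, so the test still passes if the two responses report different names for the same rule. Security group rules are read back by operators and audit tooling as the effective filtering policy, so if a given neutron version is expected to report one name in both places, add `self.assertEqual(security_group_rule[key], observed_security_group_rule[key], "{!r} differs between create and show.".format(key))` in that branch. The helper also has no docstring; a one-liner such as `"""Create a rule and accept any name in protocol_list for 'protocol'."""` would record why membership rather than equality is checked. The enclosing test class starts outside this hunk.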